decided not to add captcha, since it's not so user friendly and has issues with accessibility.
added honeytrap, invisible form field, which should not be populated by humans. added "forbidden" validator, which will prevent saving if the field is populated. bots can't read so they should fall into the trap.
another protection is adding checkbox "i'm not a bot" dynamically, using javascript. this is not necessary, since we add all form fields using javascript.
logged in users can choose to add comments and posts anonymously. anonymous users will be presented the same select box without option to save as logged in user. this will serve as a reminder, if they forgot to login.
decided not to add captcha, since it's not so user friendly and has issues with accessibility. added honeytrap, invisible form field, which should not be populated by humans. added "forbidden" validator, which will prevent saving if the field is populated. bots can't read so they should fall into the trap. another protection is adding checkbox "i'm not a bot" dynamically, using javascript. this is not necessary, since we add all form fields using javascript. logged in users can choose to add comments and posts anonymously. anonymous users will be presented the same select box without option to save as logged in user. this will serve as a reminder, if they forgot to login.